I want to set up auditing on a SQL database so I see server and database auditing like below:
So this shows there is auditing on the SQL server and also the SQL db. I can do this quite easily in Terraform by pointing to /master and I can get the server auditing done - so like this:
#---- Diagnostic Logging ----
resource "azurerm_monitor_diagnostic_setting" "main" {
  name                       = "Diagnostic Settings - Master"
  target_resource_id         = "${azurerm_mssql_server.main.id}/databases/master"
  log_analytics_workspace_id = azurerm_log_analytics_workspace.main.id

  log {
    category = "SQLSecurityAuditEvents"
    enabled  = true
    retention_policy {
      enabled = false
    }
  }

  metric {
    category = "AllMetrics"
    retention_policy {
      enabled = false
    }
  }

  lifecycle {
    ignore_changes = [log, metric]
  }
}
And this section applies it to the /master db (server).
resource "azurerm_mssql_server_extended_auditing_policy" "main" {
  server_id              = azurerm_mssql_server.main.id
  log_monitoring_enabled = true
}
Although I need it on the server, I also need it on two databases which sit on the server. Any help with this, because I cannot seem to sort it.
There is no need to create a db level, but if you do require it, then you can do this by changing this line to the name of your db.
target_resource_id = "${azurerm_mssql_server.main.id}/databases/master"
master points at your server level, but if you want a policy at the db level then change this to your db name.